I have a Linux box here at my house and I tried generating the test certs off-site. I was fine for generating for my actually domain, JetBBS.com and www.JetBBS.com. The problem was with the cPanel stuff. Generating valid SSL certs for stuff like webmail.JetBBS.com, cpanel.JetBBS.com, etc. Those aren't subdomains but VirtualHosts. My understanding was I needed access to the actual document root for those VirtualHosts. For example, if I could successfully create a directory, like acme-challenge and put a test.html file in there, and then successfully view that file by going to something like webmail.JetBBS.com/acme-challenge/test.html, I would of been fine. But because I couldn't do that, I was SOL.

Was I doing something wrong and could I actually of generated valids certs for the cPanel stuff? Thanks!

Have you tried https://gethttpsforfree.com/ ? Just download the page, aka "save as" and run it locally if you are worried about anything, should help you set up for cpanel. I used it for our site which was crappy old CentOS 6.7 and wouldnt let me set it up with cpanel automatically. I havent tried it with virtualhosts but doesnt require the same way as using the .well-known if I remember correctly. Let me know how it works out for you. I will note I ran it on my computer, but ran the required commands on the server to generate the correct information; aka you need ssh access. Click the how do i generate this links to give you the needed info for each field.

Thanks StopSpazzing, but I have no need to use another site. I got the WHM / cPanel all sorted out. I just need to stop Apache before renewing, then restart it afterwards, that's all. I even got a script now that auto-adds the SSL certs to WHM and installs them for the various services (cPanel, webmail, whm, etc). Thanks though!

We just integrated Let's Encrypt into our control panel, apnscp, as the default means of securing web sites for clients of Apis Networks. Certificates automatically renew within 10 days of expiration too for a set-it and forget-it setup.

generating a csr on your own is more secure. thus you can provide one in the checkout process. generation of the csr on the server-side (optional) is a trade-off. it enables unexperienced users to use ssl encryption on their websites. encryption is better than no encryption.

I just put a ECDSA based cert on GoDaddy Linux Economy hosting; the cheapest hosting they have with the least features. They have a SSL/TLS manager right in cPanel I just had to generate the cert on a Ubuntu live system and copy it to their form fields. Redirects and verification are both working.